Knowledge Base

OpenManage Power Center Access Control (Managing User Accounts)

OpenManage Power Center Access Control (Managing User Accounts)
This chapter provides information about access control in Dell OpenManage Power Center, including:

Log in/Log out — Log into Power Center by entering user account credentials.

User/Role/Privilege Management — After logging in, you can manage user accounts from the Settings → User and Group Accounts area of the management console. Power Center provides role-based access control; to use these controls, set up roles first, and then define the privileges for each role. Then, you can set up Power Center accounts and assign them to different roles.

Licensing — Power Center requires a valid license. Once the trial license expires, you will be required to import a permanent license.

About Authentication
Power Center supports both Power Center users and Windows and Linux users.
For cross-domain authentication, domains must be two-way transitively trusted by the domain in which the Power Center server is installed. Authentication of user accounts in domains that are one-way trusted or not trusted by the domain in which the Power Center server is installed is not supported and may fail.

Logging In
Dell OpenManage Power Center supports both Power Center-managed users and authenticated Windows and Linux users.

Logging In With A User Name And Password
To log into Dell OpenManage Power Center with a user name and password, use one of the following accounts:

NOTE: When logging into Power Center for the first time following installation, you must use the Power Center user account created during installation.

Power Center Account — You can create this account in Power Center. When logging into Power Center for the first time, you must use the Power Center user account created during installation.

NOTE: Before logging into Power Center using either the Windows domain or the Windows local account, you must add the account into Power Center by accessing the Settings → User And Group Accounts screen.

NOTE: You cannot log into Power Center using SSO on the Power Center server. You only can log into Power Center using SSO remotely.

NOTE: You must add the SSO user account to Power Center before you can log in using SSO. You will skip the login page and enter the Home page directly using SSO.

Windows Domain Account — Windows domain account.

Windows Local Account — Windows local account on the Power Center server.

Linux Local Account — Linux local account on the Power Center server.

NOTE: Power Center requires that SSL is enabled at the LDAP server, otherwise authentication attempts will fail

NOTE: LDAP authentication must be enabled in the Directory Settings screen.

LDAP Account

Logging In With A Power Center Account

Enter the User Name and Password of the OpenManage Power Center account.

Select OMPC Account (default) from the Login using drop-down list

Click Login.

Logging In With A Windows Domain Account

Enter the User Name and Password of the Windows domain account.

Select Windows Domain Account from the Login using drop-down list.

Enter the Domain name for the Windows domain account.

Click Login.

Logging In With A Windows Local Account

Enter the User Name and Password of the Windows local account.

Select Windows Local Account from the Login using drop-down list.

Click Login.

Logging In With A Linux Local Account

Enter the User Name and Password of the Linux local account.

Select Linux Local Account from the Login using drop-down list.

Click Login.

Logging In With An LDAP Account

NOTE: The LDAP Account type is only available when LDAP authentication has been enabled in Directory Settings.

Enter the User Name and Password of the LDAP account.

Select LDAP Account from the Login using drop-down list.

Click Login.

Logging In With Single Sign-on (SSO)
SSO uses centralized authentication servers that other applications and systems use for authentication purposes together with other techniques to ensure that users do not actively have to enter their credentials more than once. Kerberos SSO requires specific settings for web browsers. Configure your web browser for SSO support. For more information, see configuration steps for Internet Explorer 9 in Configuring Web Browsers For Single Sign-on, or for instructions on SSO configuration in other web browsers, consult the appropriate browser help documentation.
The following is an example of configuration steps in Microsoft Internet Explorer 9:

NOTE: Kerberos SSO may not work if you launch Power Center services using an account other than Network Service.

Single Domain Environment
You can set up a single domain environment with the following components:

Specify a domain user for dcm.dell.com as Power Center server’s domain account for Kerberos SSO—for example, "Tom" and Tom’s password. The user account you specify must be an existing and valid domain user account.

Configuring Web Browsers For Single Sign-on
To enable Kerberos Single Sign-on (SSO), you must configure your web browser to support the feature.

NOTE: To correctly set up Kerberos SSO, the date and time on all involved computers must be consistent and DNS configuration must be correct.

To support SSO in Internet Explorer, you must add the Power Center server as a local Intranet site.
The following is an example of the configuration steps in Microsoft Internet Explorer 9:

Add your Power Center site into Local Intranet—for example, server1.dcm.dell.com.

Multiple Domain Environment
Set up a multiple domain environment with the following components:

Domain Controller — There can be several Windows Active Directory (AD) domain controllers; for example, a parent domain and many child domains.

Power Center Server — This is the server with Power Center installed. It is an AD domain controller.

Power Center Client — The client server connects to the network of the Power Center server.

To set up the Kerberos SSO multiple domain environment:

Install Power Center for SSO

Configure your web browser for SSO.

Windows NT LAN Manager (NTLM) Authentication Limitation
Dell OpenManage Power Center supports Kerberos SSO for Windows domain user authentication. To enable this feature, Power Center is configured to support the Windows integrated authentication option which includes two authentication mechanisms: Kerberos and NTLM .
NTLM is not supported in Power Center. If the client’s web browser uses NTLM to authenticate domain users for Power Center, there are some limitations.
The web browser displays a message box requiring a Windows user name and password.

If you click OK after entering a user name and password, whether the information is correct or not, the Power Center login page displays and requires you to authenticate through the login page.

If you click Cancel, an HTTP Status 401 failure displays, and you cannot log into Power Center.

Logging Out
To log out of Dell OpenManage Power Center when not logged in through Kerberos SSO, click Logout at the upper right corner of the management console.
When logged in through Kerberos SSO, close the web browser or the Power Center management console to log out. Clicking Logout will not work.

Place a check mark in the check box beside the role you want to edit, then click Edit.
The Edit Role screen opens.

Make any changes required to the Role Name, Role Description, and Select Privileges fields for this role.

Click Save to save your changes, or click Cancel to discard them.

Deleting A Role

Click Settings → Roles in the left navigation pane.

Place a check mark in the check box beside the role you want to delete, then click Delete.

Click Yes to confirm the deletion, or click No to discard the delete task.

Privileges
Each pre-defined role is associated with a set of specific privileges. Additionally, you can create custom roles with one or more of the following privileges:

Global Configuration

Role/User Management

View Device and Group Information

Manage Device and Group

Manage Policy

Manage Event

Manage License

Every Power Center screen functions differently depending on the privilege level assigned to a user account:

Fully functional—User can view and edit all.

Partially functional—User can partially view or edit.

Not functional—User sees a blank page.

Global Configuration
The Global Configuration privilege enables a user to change the Power Center global configuration—for example, the sampling interval and database settings. Users without this privilege can only view part of the Settings page, and cannot make any changes (the Edit option is not available).

Manage Role/User
Users with the Manage Role/User privilege can:

Create roles

Delete roles

Update roles

Create users

Delete users

Update users

Users without this privilege can only view their own user account information and update the password.

View Device/Group
The View Device/Group privilege enables a user to view all device and group information. Users without this privilege cannot view device or group information; they can only view the Settings page.
Users with only the View Device/Group privilege have the following restrictions:

NOTE: When you assign the Manage Device/Group privilege to a user, Power Center automatically assigns the View Device/Group privilege to this user as well. Users without this privilege can view all devices and group information, but cannot add/delete/edit/manage the devices and groups.

Manage Policy

The Manage Policy privilege enables a user to:

Add/remove a policy

Update a policy

Start/stop Emergency Power Reduction on a device or group

NOTE: To manage a policy, you must also have the View Device/Group privilege. Users without this privilege cannot see the Policies screen.

Manage Event
The Manage Event privilege enables a user to:

Add/Remove an event condition (threshold)

Update an event condition (threshold)

Remove an event

NOTE: To manage an event, you must also have the View Device/Group privilege. Users without this privilege can view event information and add comments to events, but cannot delete events or see the Thresholds values from the Devices screen.

Managing User Accounts
You can create users and assign them to different roles.
If you have the Manage Role/User privilege, you can add/edit/delete a user in Power Center.

Adding A User Account

Click Settings → User and Group Accounts in the left navigation pane.

NOTE: If OpenManage Power Center is installed on a Windows Active Domain Controller server, every user account added on this server should be a Windows Domain Account.

Click Add a User/Group.
The Add a User or Group Account window opens.

Click the radio button next to A user.

Select an Account Type and enter the required credentials:

For both Windows and Linux installations:

OMPC Account

Enter a unique User Name for the account.

Enter a Password that is at least 8 characters long and includes characters from at least three of the following categories: uppercase, lowercase, numeric, and non-alphanumeric.

Re-enter the password to verify.

For a Windows installation:
Windows Local Account---Enter a unique User Name for the account.

NOTE: If Power Center is installed on a Windows 2012 Essential server and the server is configured as a Domain controller, all user accounts on the server should be Windows Domain Accounts, and not Windows Local Accounts.

Windows Domain Account

Enter a unique User Name for the account.

Enter a valid Windows Domain Name.

For a Linux installation:
Linux Local Account---Enter a unique User Name for the account

NOTE: While Linux Local Accounts can be changed from the Linux server, these changes will not be mirrored in the same local account that was added to Power Center, and Power Center authentication attempts on this account will fail. To keep the Linux Local Account in sync between Power Center and the Linux server when the local account is changed from Linux, the original account must be deleted from Power Center and the changed account must be created in Power Center as a new Linux Local Account.

4. LDAP Account---Enter a unique User Name for the account.

NOTE: A user description is useful when there are two users with the same user name. Two user accounts with the same user name are only possible where the user types differ.

In the upper right portion of the Power Center console, click the user account name under which you are currently logged in to Power Center. The Current User screen opens.

Enter the current password, enter the new password, and then enter it again to verify the new password.

Click Save to apply the new password, or click Cancel to discard your changes.

Change any user or group account password through the Settings > User and Group Accounts screen.

Click Settings → User And Group Accounts, and select the user account whose password you want to change.

Click Edit in the task menu.

Enter the new password. Enter the new password again to confirm.

Click Save to change the password, or click Cancel to discard your changes.

Viewing Current User Information
You can view current user information and update the current user’s password.
To view current user information, click the login user name in the upper-right corner of any page, or go to Settings → User And Group Accounts. Select the current user account from the list, and click Edit.

Click Settings → User And Group Accounts, and select the user account whose password you want to change.

Click Edit in the task menu.

Enter the new password. Enter the new password again to confirm.

Click Save to change the password, or click Cancel to discard your changes.

Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.